The Reserve Bank of India (RBI) will impose new digital payment rules beginning April 1, 2026, mandating better security measures for online transactions using UPI, cards, and wallets.
The key change requires two-factor authentication (2FA) for all transactions. Users will now require at least two verification methods—such as OTP, PIN, password, or biometrics—since OTP alone is insufficient. The move attempts to reduce escalating fraud risks, such as phishing and SIM switch frauds.
While transactions may take slightly longer, the RBI has implemented risk-based authentication, which allows for speedier payments on trusted devices while requiring more stringent checks for new devices or high-value transactions.
In a significant move, banks and payment platforms will be held liable for security breaches. Customers may be compensated if fraud happens due to system faults, resulting in speedier resolution and better consumer protection.
The restrictions will also apply to overseas transactions, with full implementation scheduled in October 2026.
The RBI stated that the modifications are intended to increase confidence, prevent cyber fraud, and ensure the security of India’s fast expanding digital payments infrastructure.
Source – India Today
